Local councils don't encrypt

Just one in 10 local authorities in the UK encrypts all their sensitive data, according to new research.

By
Tash Shifrin, Computerworld UK
| Oct 12, 2007

| IDG News Service

Share

TwitterFacebookLinkedInGoogle Plus

Just one in 10 local authorities in the UK encrypts all its sensitive data, according to new research.

The survey of IT and security managers at 60 local councils and police authorities found that 45 percent of respondents encrypt data on "some computers carrying sensitive material", but only 10 percent encrypt data on all machines.

More than four in 10 respondents - 43 percent - said that no data was encrypted by their organisation.

But 38 percent of respondents said their organisation had been faced with an incident in which a laptop was lost or stolen during the past year - including one of the six police authorities in the survey, which was carried out by security vendor BeCrypt.

Three in 10 of those surveyed also reported that they had no procedures regarding use of USB devices - a common cause of security problems. Just 2 percent of organisations had imposed a total ban on USB devices, while 38 percent allowed limited use and implemented port control security.

The survey also highlighted a lack of disaster recovery planning. Only 8 percent of those surveyed said they had a full disaster recovery plan with facilities for secure mobile working and an alternative site in case of a major problem such as a flu pandemic or public transport collapse that prevented staff getting to the office.

Related

More than four in 10 respondents said they had "few plans" but that data was backed up, while 20 percent said staff would have to work from home using their laptops and 23 percent said an alternative site "would be set up".

Richard Brooks, BeCrypt's director of sales, said: "The use of laptops, USB devices and other removable media are posing an increasing risk to data security. The survey highlights that 30 percent of councils have no policy regarding the use of USB devices and the inadvertent or malicious threat of data leakage."